A group of banks, technology companies and hardware makers looking to improve upon the username-and-password login systems that keep getting hacked reached a pivotal point in the effort Tuesday.
The Fast Identity Online, or FIDO, Alliance announced that it finalized the technical rules that companies must follow to get new login systems running. Websites and apps could replace passwords altogether or combine traditional logins with a second less-likely-to-be-hacked element such as a USB key, fingerprint scanning or eye or voice recognition.
Google has already begun allowing an $18 USB stick to be plugged in to log into a Gmail account, for instance. PayPal or Alipay users also can approve transactions by tapping the fingertip scanner on a Samsung Galaxy S5.
The idea is to make it so that there’s no central database a hacker could access to hijack accounts. The hacker would need to go through additional steps, hopefully making it far less worth the effort.
With the specifications set, the 150-member alliance expects a rush of companies to enhance login systems early next year.
“There should be a sudden explosion of deployments since there’s at least a dozen late-stage trials going into first half of 2015,” said Michael Barrett, the president of the alliance. “My expectation is a huge increase in FIDO-enabled websites and apps really will change the world.”
Other members of the alliance include Lenovo, MasterCard, Discover Financial Services, Visa, Alibaba and Bank of America.